package cn.elead.chaos.framework.web.global.xxs;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.UrlPathHelper;

import cn.elead.chaos.core.constant.APICons;
import cn.elead.chaos.framework.web.wrapper.RequestWrapper;

/**
 * Servlet filter intended to guard against XSS: every request is passed down the filter
 * chain wrapped in a {@link RequestWrapper} instead of as the raw container request.
 *
 * <p>Before delegating, the filter records two request attributes: the time at which
 * processing began ({@link APICons#API_BEGIN_TIME}) and the originating request URI
 * ({@link APICons#API_REQURL}).
 *
 * <p>NOTE(review): no sanitising happens in this class. {@code RequestWrapper} is defined
 * elsewhere, so which inputs it covers (parameters, headers, body) and how it escapes them
 * must be confirmed there. Request-side filtering does not replace context-aware output
 * encoding at the point where values are rendered.
 *
 * @author luopeng
 */
public class XSSFilter extends OncePerRequestFilter {

	private final UrlPathHelper urlPathHelper = new UrlPathHelper();

	/**
	 * Stamps the request with its start time and originating URI, then continues the chain
	 * with the request wrapped in a {@link RequestWrapper}.
	 *
	 * @param request  the incoming request; the two attributes are set on this object
	 * @param response the response, passed through unchanged
	 * @param chain    the remaining filter chain
	 * @throws ServletException if raised further down the chain
	 * @throws IOException      if raised further down the chain
	 */
	@Override
	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
			throws ServletException, IOException {
		// Take the timestamp first so it is read before any other work in this filter.
		final long startedAt = System.currentTimeMillis();
		request.setAttribute(APICons.API_BEGIN_TIME, startedAt);

		// The URI is read from the unwrapped request, so the value stored here has not been
		// passed through RequestWrapper; anything that later logs or echoes it should encode it.
		request.setAttribute(APICons.API_REQURL, urlPathHelper.getOriginatingRequestUri(request));

		// Only the wrapped view of the request is visible to downstream filters and handlers.
		chain.doFilter(new RequestWrapper(request), response);
	}

}